Generally, if a user accesses a file system object in a file system, the file system program performs the access control processing for determining whether the user is permitted to access the file system object or not. At this point, the file system object refers to a file, a directory, a folder, or others. Hereinafter, unless otherwise specified, the file system object is abbreviated as a “file.”
The access control processing is performed in accordance with access control information. The typical types of access control information are the two described below.    (1) Permission information    (2) ACL (Access Control List)
The permission information defines access right information for three types of targets; namely, the file owner, the owner group, and other users. The access right information is configured of three types of information, the reference right information (r), the update right information (w), and the execution right information (x). Therefore, the amount of information is a fixed size of 9 bits from 3×3. The access control based on the permission information has been adopted by the OS of the Unix (registered trademark) system. If the permission information is adopted, the two areas described below are prepared as the file storage areas.
Basic file attribute area
The basic file attribute area is of a fixed size, in which the basic metadata information of the file such as the time of creating the file and the time of updating the file is stored. Furthermore, in the relevant area, the permission information of the file is stored.
User data area
In the user data area, user specified data is stored. Therefore, the user data area is of a variable size.
The other type, the ACL information, can define access right information for unspecified users. Furthermore, the ACL information can define a larger number of rights than the three types defined by the permission information. The typical OS performing the access control based on the ACL information is Windows NT (registered trademark). Note that the concrete examples of the ACL information are the POSIX ACL information, the NTFS ACL information, and the NFSv4 ACL information. Patent Literature 1 discloses the access control using the ACL.
Note that the ACL information, which stores access right information for various types of users, becomes the information of a variable size. Therefore, if the ACL information is adopted, instead of not including the permission information in the basic file attribute area, an extended file attribute area to store the ACL information is prepared as a file storage area. Note that the extended file attribute area is of a variable size, in which the metadata information of the file not stored in the basic file attribute area may be stored.
Since the above-mentioned sophisticated access control is possible, the file access control based on the ACL information is largely adopted in recent years. However, the access control based on the ACL information has a problem of high processing cost. That is because, while access control based on the permission information enables the processing only by reading the data in the basic file attribute area, access control based on the ACL information requires reading the data in the extended file attribute area.
Non-Patent Literature 1 discloses the speed-up technology for achieving the high-speed access control by using the ACL information stored in the extended file attribute area. As more specifically described, it is disclosed that, by storing various types of right information related to the file owner included in the ACL information in the basic file attribute area and, when performing the access control processing, firstly referring to the various types of right information stored in the basic file attribute area, the frequency of referring to the extended file attribute area is inhibited.
Note that the above-mentioned access control processing in which a part of the ACL information stored in the extended file attribute area is stored in the basic file attribute area and, at the time of the access control processing, the various types of right information stored in the basic file attribute area is precedingly referred to is called the preceding access control, and the file storage system comprising this type of control is called a preceding access control compliant file storage system.